The most common type of spam email targeting New Zealand banks is a phishing email, where the sender tries to steal sensitive information by pretending to be a trustworthy organisation or person. They’ll often use a logo from the organisation they’re pretending to be from and will usually ask you to click on a link to confirm details.

Example: In a typical phishing attack targeting Kiwibank customers, an offender sends an email that looks like it's from Kiwibank. These emails may contain official-looking logos and other information or images you'd associate with Kiwibank. They'll also contain links to replicas of the Kiwibank Internet Banking login page, where the offenders hope to trick Kiwibank customers into disclosing their internet banking details.

Suspicious emails

A suspicious email is any email, or a link within an email, that asks you to disclose any of your banking information. We'll never ask you to disclose your internet banking login details by email or by clicking on a link within an email.

How we protect you

Although we can’t prevent phishing emails being sent, we do everything we can to reduce the effectiveness of these scams. We work with a company called FraudWatch International to have the fake sites shut down as quickly as possible. FraudWatch International are world leaders in online fraud prevention and protect millions of consumers around the world from phishing, malware, and other types of online attacks.

How you can protect yourself

  • We recommend you never reply to phishing emails or click any links in them. Replying to these emails will confirm to the offenders that they have a valid email address. This is likely to result in a flood of spam emails in the future.
  • Please forward any suspicious emails or Kiwibank-related phishing emails you receive to for investigation, then delete them.
  • If you haven't clicked on the link or submitted your details, you're not at risk. If you're a Kiwibank customer and have clicked on a link and submitted your internet banking login details from an email, please change your password and Keepsafe questions and contact us immediately.
  • You should be able to hover your mouse over the link to see what website it's actually going to. If it's not directing you to the business website of the company that sent you the email, then it's likely that it's a phishing email. This is a good way to check, no matter who has sent you the email, if it's a legitimate email.

Possible threats to your computer

Keeping the security up to date on your computer or device is a bit like keeping your gutters clean – it prevents more harm from happening. Here are some common security issues you can experience.


Viruses are passed from computer to computer like a biological virus passes from person to person. They're commonly transferred by email. Most computer fraud programmes are passed on by a virus.


Spyware is programming that's put in a computer secretly to gather information about the user, which is then passed onto advertisers or other interested parties.


Trojans can be sent to your computer as an email or attachment, or embedded in a website. They enter your computer undetected, giving fraudsters unrestricted access to your data. They can transmit confidential data including credit card details even if you're not accessing that data at the time.


Worms are computer programmes that have the ability to copy themselves from machine to machine. They normally move around and infect other machines through computer networks. Using a network, a worm can expand incredibly quickly.

How we protect you

  • We use digital certificates that verify that you're connected to our official internet banking website. These certificates also confirm that all communication between you and Kiwibank is encrypted and therefore secure.
  • Our internet banking security team monitors internet banking transactions and looks out for unusual transactions. You may receive a call from a member of our monitoring team to verify a payment made using internet banking.
  • If your internet banking password is entered incorrectly three times, access to internet banking will be blocked. This prevents anyone from making multiple attempts to guess your password.
  • The pages you visit while logged in to internet banking are not cached. This means that other people can't use your computer to view your bank account details by selecting the browser back button.

How you can protect yourself

  • Avoid using third party services to access internet banking.
  • Double check that you're on the official Kiwibank website before logging in -
  • Use caution when using public or shared computers. Wait and do your online banking on a computer you know has the necessary protection.
  • Install anti-virus, anti-spyware and firewall software. Run a scan at least every 30 days and update the software regularly.
  • Update your operating system security regularly.

Possible threats to your mobile phone

Threats to the data on your mobile phone usually come from malicious apps that you, or someone else who has access to your phone, downloads. These malicious apps may gather user data (what sites you access, what you buy, etc.) and can silently send or receive premium rate text messages or calls.

How you can protect yourself

It’s important to remember that most apps are not malicious, but you can still follow a few simple tips to ensure your mobile phone remains safe and secure.

  • Have a PIN on your phone and don’t share it with anyone.
  • Don’t use the same PIN for everything, e.g. EFTPOS card, mobile phone or internet banking login.
  • Always check the history of your downloads – especially if you’ve allowed someone else like your kids to use your phone.
  • Before you download an app, especially a free app, check the ratings and reviews.